Documentation

Ideally 3rd-party plugins and WordPress Core take care of everything GDPR related on their own and our plugin isn’t needed at all. But as of now (May 2018) taking care of GDPR is fragmented with every plugin developer figuring out the best solution on their own. As a WordPress development agency we figured whenever we help a client get a certain plugin or theme compliant as best we can we might as well share it through the WP GDPR Compliance plugin with the whole community.

Most features of the WP GDPR Compliance plugin are very impactful: to comply with GDPR we add checkboxes, create pages and log certain data, and we give you control over all of that.

On this page we tell you what ALL of the options do and how you can use them to your benefit.

The Integrations tab shows you the 3rd-party plugins we support IF you have any of those activated on your site already:

Contact Form 7 (>= 4.6)

Gravity Forms (>= 1.9)

WooCommerce (>= 2.5.0)

WordPress Comments (WP Core)

WordPress Registration (WP Core)

We cannot support WP Comments when you use Jetpack.

= = = = =

Integrations tab: Contact Form 7 (CF7)

If you use Contact Form 7 and enable GDPR compliance you will see all of the active forms you have already created. You can then activate the GDPR checkbox for each form individually.

Activating means ‘adding a checkbox’ to that form. When active you are presented with a ‘Checkbox text’ (the text that accompanies the checkbox) and an ‘Error message’ for when someone does not tick the checkbox.

Within both fields you are free to use certain HTML tags:

The %privacy_policy% tag

We created this specifically for this plugin and let you control it under Settings. It simply creates a link to your Privacy Policy page. A page you should create yourself in WordPress.

Contact Form 7 doesn’t store any data (and thus no consents)

Because Contact Form 7 sends its submitted messages to you via email rather than storing them in the WordPress database, the WP GDPR Compliance plugin doesn’t store ANY data going through CF7.

Activating the GDPR checkbox per form for Gravity Forms works the same as with Contact Form 7. First you enable the integration with Gravity Forms after which all of your existing forms will show up and you can activate the GDPR checkbox for each form.

Activating means ‘adding a checkbox’ to that form. When active you are presented with a ‘Checkbox text’ (the text that accompanies the checkbox) and an ‘Error message’ for when someone does not tick the checkbox.

Within both fields you are free to use certain HTML tags:

Gravity Forms stores consents in the entries

To make everything fit neatly together we log the consent given in the Gravity Forms entry itself.

This means after you’ve activated the GDPR checkbox for a form a ‘Privacy’ column will show up when you view the entries for that form in Gravity Forms. And in that column it can say one of two things per entry: ‘Not accepted’ or ‘Accepted on [date, time]’. The date and time notation will correspond with that of your WordPress installation.

‘Not accepted’ is the default value because before you were using WP GDPR Compliance visitors couldn’t comply yet. 😉

When enabling the GDPR checkbox for WooCommerce it will add a checkbox to your checkout page instantly. After activating you are presented with a ‘Checkbox text’ (the text that accompanies the checkbox) and an ‘Error message’ for when someone does not tick the checkbox.

Within both fields you are free to use certain HTML tags:

Most WooCommerce shops are already using a ‘Terms and conditions’ checkbox which can be found under WooCommerce > Settings > Checkout tab. Right now the GDPR plugin does not do anything with this particular checkbox so you might want to switch it off and mention your terms in the GDPR ‘Checkbox text’.

WooCommerce stores consents in the orders

To make everything fit neatly together we log the consent given in each order itself.

This means after you’ve activated the GDPR checkbox for WooCommerce each order contains a GDPR status which is either ‘Not accepted’ or ‘Accepted on [date, time]’. The date and time notation will correspond with that of your WordPress installation.

‘Not accepted’ is the default value because before you were using WP GDPR Compliance visitors couldn’t comply yet. 😉

When enabling the GDPR checkbox for WordPress Comments a checkbox will be added to your comment form right away. When active you are presented with a ‘Checkbox text’ (the text that accompanies the checkbox) and an ‘Error message’ for when someone does not tick the checkbox.

Within both fields you are free to use certain HTML tags:

When using Jetpack Comments the checkbox can sadly not be added.

WordPress Comments stores consents in the comments

To make everything fit neatly together we log the consent given in each comment itself.

This means after you’ve activated the GDPR checkbox for WordPress Comments each comment contains a GDPR status which is either ‘Not accepted’ or ‘Accepted on [date, time]’. The date and time notation will correspond with that of your WordPress installation.

‘Not accepted’ is the default value because before you were using WP GDPR Compliance your visitors couldn’t comply yet. 😉

When enabling the GDPR checkbox for WordPress Registration a checkbox will be added to the registration form right away. When active you are presented with a ‘Checkbox text’ (the text that accompanies the checkbox) and an ‘Error message’ for when someone does not tick the checkbox.

Within both fields you are free to use certain HTML tags:

WordPress Registration stores consents in the wpgdprc_log table

After an account is registered the given consent is added to the wpgdprc_log table.

The user can only register after giving consent by checking the checkbox. Of course WordPress Registration needs to be enabled in the WordPress options & in the Integrations tab of the WP GDPR Compliance plugin.

Hook(s) used for WordPress Registration

register_form

registration_errors

user_register
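
How these three WordPress hooks can work together to require and record consent, as an added example that is not the plugin's own code. The field name, error code and meta key are hypothetical, the record is written to user meta rather than to wpgdprc_log, and wp_privacy_anonymize_ip() needs WordPress 4.9.6 or later.

```php
<?php
// Added illustration, not the WP GDPR Compliance plugin's source.
// EXAMPLE_CONSENT_FIELD, the error code and the meta key are hypothetical names.
const EXAMPLE_CONSENT_FIELD = 'example_gdpr_consent';
const EXAMPLE_CONSENT_TEXT  = 'I consent to the storage of my data as described in the Privacy Policy.';

// register_form (action): print the checkbox inside the core registration form.
add_action( 'register_form', function () {
	printf(
		'<p><label><input type="checkbox" name="%s" value="1" /> %s</label></p>',
		esc_attr( EXAMPLE_CONSENT_FIELD ),
		esc_html( EXAMPLE_CONSENT_TEXT )
	);
} );

// registration_errors (filter): enforce the checkbox on the server, so a
// request that omits the field cannot register through this form.
add_filter( 'registration_errors', function ( $errors, $sanitized_user_login, $user_email ) {
	if ( empty( $_POST[ EXAMPLE_CONSENT_FIELD ] ) ) {
		$errors->add( 'example_consent_missing', 'Please accept the privacy checkbox.' );
	}
	return $errors;
}, 10, 3 );

// user_register (action): fires once the account exists, so this is where the
// consent record is written.
add_action( 'user_register', function ( $user_id ) {
	if ( empty( $_POST[ EXAMPLE_CONSENT_FIELD ] ) ) {
		return; // account created outside the registration form (admin, CLI, API)
	}
	// Store a truncated IP address instead of the full one.
	$ip = isset( $_SERVER['REMOTE_ADDR'] )
		? wp_privacy_anonymize_ip( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
		: '';
	add_user_meta( $user_id, 'example_consent_record', array(
		'ip_address'   => $ip,
		'date_created' => current_time( 'mysql' ),
		'consent_text' => EXAMPLE_CONSENT_TEXT,
	) );
} );
```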

= = = = =

Consents tab

Under GDPR you need to ask visitors to give their explicit consent for tracking scripts and cookies. In this tab you can add and remove the necessary scripts one by one. For example most sites will add their Google Analytics or Facebook Pixel code here.

The fields per Consent are:

Active checkbox – if you want this Consent to show up for your visitors or not.

Title – the main ‘reason’ you are asking permission for. This can be the name of a tool (‘Google Analytics’) or it can be broader (‘Advertising’) depending on your needs.

Description – an in-depth description of what people are agreeing to and what this will mean for their personal data and their visit.

Code Snippet – this is where you add the code.

Code Wrap – wrap in <script> tags or not.

Placement – whether you want the Code Snippet to be added in the ‘head’ or ‘footer’ of your site.

Required checkbox – if giving the consent is absolutely necessary.

Consents in the Settings tab

Under the Settings tab you find several things regarding the Consents. First off: when an active Consent is present a ‘Consent bar’ will show on the frontend of your website informing every visitor of their rights. This bar contains a ‘My settings’ text link and an ‘Accept’ button.

‘My settings’ leads to a modal (a kind of popup) showing all of the created Consents. Per Consent a visitor can allow for the script to be placed or not.

‘Accept’ means all the active Consents are accepted as ‘on’ or ‘allowed’.

On the Settings tab you can edit the explanation in the bar itself and change the title and description of the modal.

Because withdrawal of consent needs to be as easy as giving it, we’ve created a shortcode and a menu class so your visitors can get to the modal after accepting.

When a consent has been added or edited the consent bar will reset. This means everyone who accepted the consent bar before needs to accept again. The reason we do this is because when you update your consent, your users have not accepted your new terms and therefore need to accept it again.

Another way to reset the consent bar is by clicking the ‘Reset Consent Bar’ button. This will directly reset your consent bar for everyone.

= = = = =

Requests tab

Yet another part of GDPR allows your visitors to view, edit and delete the data you have stored on them. By creating the page through Settings tab > Request User Data > Activate page or by simply putting this shortcode [wpgdprc_access_request_form] on a page you let your visitors send in such a request. We call this the ‘access request’.

In the Requests tab all of the access requests are shown and when data linked to the provided email address can be found it shows up in the ‘Requests to Process’ column. Clicking on this number lets a website owner investigate data found.

‘0’ (null) simply means no data with that email address could be found.

This request collects:

WordPress Users

WordPress Comments

WooCommerce orders

An email is then automatically sent to the requester containing a link to the Request User Data page on your website. This time the page shows Users, Comments and Orders found or gives a notification if nothing was found. Found data can then be ticked to be deleted. This is the ‘Delete Request’ and again shows up under the Requests tab.

This link is available for 24 hours and can only be reached from the same device, IP address and browser session the request was performed on.
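
One way to build a link with these properties, as an added example that is not the plugin's own code: an HMAC ties the token to the requester's email, session ID and IP address, and the issue time enforces the 24-hour limit. All function names, the secret and the sample values are constructed; session and IP only approximate "same device".

```php
<?php
// Added illustration; not the plugin's code. All names here are hypothetical.
const EXAMPLE_LINK_TTL = 86400; // 24 hours in seconds

// MAC over everything the link must stay bound to. json_encode gives an
// unambiguous encoding, so field boundaries cannot be shifted between values.
function example_binding_mac( string $secret, int $issued_at, string $email, string $session_id, string $ip ): string {
	$context = json_encode( array( $issued_at, strtolower( $email ), $session_id, $ip ) );
	return hash_hmac( 'sha256', $context, $secret );
}

// Token placed in the emailed link: "<issued_at>.<mac>".
function example_issue_link_token( string $secret, string $email, string $session_id, string $ip, int $now ): string {
	return $now . '.' . example_binding_mac( $secret, $now, $email, $session_id, $ip );
}

// Verify against the session ID and IP of the request that opens the link.
function example_verify_link_token( string $token, string $secret, string $email, string $session_id, string $ip, int $now ): bool {
	$parts = explode( '.', $token, 2 );
	if ( count( $parts ) !== 2 || ! ctype_digit( $parts[0] ) ) {
		return false; // malformed token
	}
	$issued_at = (int) $parts[0];
	if ( $now < $issued_at || $now - $issued_at > EXAMPLE_LINK_TTL ) {
		return false; // issued in the future or older than 24 hours
	}
	$expected = example_binding_mac( $secret, $issued_at, $email, $session_id, $ip );
	return hash_equals( $expected, $parts[1] ); // constant-time comparison
}

// Constructed sample values.
$secret = 'constructed-demo-secret';
$t0     = 1526371200;
$token  = example_issue_link_token( $secret, 'visitor@example.com', 'sess-A', '203.0.113.7', $t0 );

// Same session and IP, one hour later.
var_dump( example_verify_link_token( $token, $secret, 'visitor@example.com', 'sess-A', '203.0.113.7', $t0 + 3600 ) );
// Same link opened from a different browser session.
var_dump( example_verify_link_token( $token, $secret, 'visitor@example.com', 'sess-B', '203.0.113.7', $t0 + 3600 ) );
// Same session and IP, 25 hours later.
var_dump( example_verify_link_token( $token, $secret, 'visitor@example.com', 'sess-A', '203.0.113.7', $t0 + 90000 ) );
```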

It is up to website owners to take care of the delete request. Through the Requests tab we let you anonymise all the data from a delete request.

For WordPress Users this means:

User ID

Display name

Nickname

First name

Last name

User email

For WordPress Comments this means:

Comment ID

Comment author

Comment author email

Comment author IP

For WooCommerce Orders this means:

Billing first name

Billing last name

Billing company

Billing address 1

Billing address 2

Billing postcode

Billing city

Billing phone

Billing email

Shipping first name

Shipping last name

Shipping company

Shipping address 1

Shipping address 2

Shipping postcode

Shipping city

Requests are anonymised automatically through a cronjob after 30 days. At that point a user has to put in a new request.

This is how the plugin started out. By letting you check some common website features we give some general advice on what to do.

Using the toggle buttons has no effect other than showing you additional information.

= = = = =

The wpgdprc_log table

Since version 1.4.6 we have added a log table to the plugin. This log table will be used to store all given consent, unless there is a better place to store it (in the entry of a form for example).

The log table has the following columns:

ID – The ID of the consent.

Plugin ID – The ID of the plugin where the consent was given.

Form ID – The ID of the form where the consent was given.

User – The user who has given the consent.

IP Address – The IP the consent was given from.

Date Created – When the consent was given.

Log – A text to explain more carefully for what the consent was given.

Consent text – The exact text the user has agreed to.

The development team of this plugin will always anonymise all the necessary data before saving it in the log.

= = = = =

Changing the colors of the consent bar

Since version 1.4.8 users can change the colors of the consent bar to fit into the general theme of your website.

You can change the color of the consent bar background.

You can change the color of the text in the consent bar.

You can change the primary & secondary color of the button.

About

The WP GDPR Compliance plugin (est. November 4th, 2017) is developed by a WordPress agency based in Amsterdam, the Netherlands.

Legal disclaimer

The creators of this plugin do not have a legal background. We assist website and webshop owners in being compliant with the General Data Protection Regulation (GDPR) but recommend contacting a law firm for rock solid legal advice.